[CalendarServer-users] calendarserver on debian via nss and kerberos

Wed Mar 4 03:04:09 PST 2009

On Tue, Mar 03, 2009 at 02:14:34PM +0100, Georg Troska wrote:
> Hi,
> I was able to do it with Ubuntu Intrepid.
>
> Kerberos works. NSS not at the moment. I wrote a script that runs via  
> cronjob creating a xml-file from LDAP for the user information.
> I'm still working on the NSS thing.
>
> Use account.xml with no password and loginnames that are of the same  
> kind than in your kerberos database. Make sure that your keytab is  
> readable by caldavd and use lowercase http/ (not HTTP/) for the  
> principal entry.
> Kerberos based login are depending on your client as well. Which one are 
> you using?
>
> Georg

I followed your idea, and now i'm trying with a generated account.xml
with kerberos authentication.
it still doesn't work, but with a more verbose error: here is the log.

2009-03-04 11:45:47+0100 [-] [caldav-8008]  [-] Log opened.
2009-03-04 11:45:47+0100 [-] [caldav-8008]  [-] twistd 8.1.0 (/usr/bin/python 2.5.2) starting up
2009-03-04 11:45:47+0100 [-] [caldav-8008]  [-] reactor class: <class 'twisted.internet.selectreactor.SelectReactor'>
2009-03-04 11:45:47+0100 [-] [caldav-8008]  [-] twisted.web2.channel.http.HTTPFactory starting on 8008
2009-03-04 11:45:47+0100 [-] [caldav-8008]  [-] Starting factory <twisted.web2.channel.http.HTTPFactory instance at 0x188d7a0>
2009-03-04 11:45:47+0100 [-] [caldav-8008]  [-] twisted.web2.channel.http.HTTPFactory starting on 8443
2009-03-04 11:45:48+0100 [-] [caldav-8008]  [-] set uid/gid 103/105
2009-03-04 11:45:48+0100 [twistedcaldav.logging.AMPLoggingFactory] AMPLoggingProtocol connection established (HOST:UNIXSocket('/var/run/caldavd/caldavd.socket') PEER:UNIXSocket(''))
2009-03-04 11:45:48+0100 [-] [caldav-8008]  [-] AMP connection established (HOST:UNIXSocket(None) PEER:UNIXSocket('/var/run/caldavd/caldavd.socket'))
2009-03-04 10:47:39+0100 [-] [caldav-8008]  [HTTPChannel,0,192.168.0.29] "Directory service <XMLDirectoryService 'DOMAIN.LOCAL': FilePath('/etc/caldavd/accounts.xml')> has no GUID; generating service GUID from realm name."
2009-03-04 10:47:39+0100 [-] [caldav-8008]  [HTTPChannel,0,192.168.0.29] "Directory service <SudoDirectoryService 'DOMAIN.LOCAL': FilePath('/etc/caldavd/sudoers.plist')> has no GUID; generating service GUID from realm name."
2009-03-04 10:47:39+0100 [-] [caldav-8008]  [HTTPChannel,0,192.168.0.29] GET /calendars/users/marco.ghidinelli/ HTTP/1.1
2009-03-04 10:47:39+0100 [-] [caldav-8008]  [HTTPChannel,0,192.168.0.29] 'Authentication failed: Invalid nonce value: 6152332 -- a lot of numbers here (ndr)-- 554623523'
2009-03-04 10:47:45+0100 [-] [caldav-8008]  [HTTPChannel,0,192.168.0.29] GET /calendars/users/marco.ghidinelli/ HTTP/1.1
2009-03-04 10:47:45+0100 [-] [caldav-8008]  [HTTPChannel,0,192.168.0.29] Exception rendering:
2009-03-04 10:47:45+0100 [-] [caldav-8008]  [HTTPChannel,0,192.168.0.29] Unhandled Error
2009-03-04 10:47:45+0100 [-] [caldav-8008] 	Traceback (most recent call last):
2009-03-04 10:47:45+0100 [-] [caldav-8008] 	  File "/usr/lib/python2.5/site-packages/twisted/internet/defer.py", line 186, in addCallbacks
2009-03-04 10:47:45+0100 [-] [caldav-8008] 	    self._runCallbacks()
2009-03-04 10:47:45+0100 [-] [caldav-8008] 	  File "/usr/lib/python2.5/site-packages/twisted/internet/defer.py", line 328, in _runCallbacks
2009-03-04 10:47:45+0100 [-] [caldav-8008] 	    self.result = callback(self.result, *args, **kw)
2009-03-04 10:47:45+0100 [-] [caldav-8008] 	  File "/usr/lib/python2.5/site-packages/twisted/web2/dav/resource.py", line 722, in login
2009-03-04 10:47:45+0100 [-] [caldav-8008] 	    d = request.portal.login(pcreds, None, *request.loginInterfaces)
2009-03-04 10:47:45+0100 [-] [caldav-8008] 	  File "/usr/lib/python2.5/site-packages/twisted/cred/portal.py", line 114, in login
2009-03-04 10:47:45+0100 [-] [caldav-8008] 	    return maybeDeferred(self.checkers[i].requestAvatarId, credentials
2009-03-04 10:47:45+0100 [-] [caldav-8008] 	--- <exception caught here> ---
2009-03-04 10:47:45+0100 [-] [caldav-8008] 	  File "/usr/lib/python2.5/site-packages/twisted/internet/defer.py", line 106, in maybeDeferred
2009-03-04 10:47:45+0100 [-] [caldav-8008] 	    result = f(*args, **kw)
2009-03-04 10:47:45+0100 [-] [caldav-8008] 	  File "/usr/lib/python2.5/site-packages/twistedcaldav/directory/aggregate.py", line 135, in requestAvatarId
2009-03-04 10:47:45+0100 [-] [caldav-8008] 	    type).requestAvatarId(credentials)
2009-03-04 10:47:45+0100 [-] [caldav-8008] 	  File "/usr/lib/python2.5/site-packages/twistedcaldav/directory/directory.py", line 109, in requestAvatarId
2009-03-04 10:47:45+0100 [-] [caldav-8008] 	    if user.verifyCredentials(credentials.credentials):
2009-03-04 10:47:45+0100 [-] [caldav-8008] 	  File "/usr/lib/python2.5/site-packages/twistedcaldav/directory/xmlfile.py", line 144, in verifyCredentials
2009-03-04 10:47:45+0100 [-] [caldav-8008] 	    return credentials.checkPassword(self.password)
2009-03-04 10:47:45+0100 [-] [caldav-8008] 	  File "/usr/lib/python2.5/site-packages/twisted/web2/auth/digest.py", line 153, in checkPassword
2009-03-04 10:47:45+0100 [-] [caldav-8008] 	    calcHA1(algo, self.username, self.realm, password, nonce, cnonce),
2009-03-04 10:47:45+0100 [-] [caldav-8008] 	  File "/usr/lib/python2.5/site-packages/twisted/web2/auth/digest.py", line 62, in calcHA1
2009-03-04 10:47:45+0100 [-] [caldav-8008] 	    m.update(pszPassword)
2009-03-04 10:47:45+0100 [-] [caldav-8008] 	exceptions.TypeError: update() argument 1 must be string or read-only buffer, not None

the account.xml is:
<!DOCTYPE accounts SYSTEM "accounts.dtd">

<accounts realm="DOMAIN.LOCAL">
  <user>
    <uid>admin</uid>
    <name>Super User</name>
  </user>
  <user>
    <uid>marco.ghidinelli</uid>
    <name>Marco Ghidinelli</name>
    <cuaddr>mailto:marco.ghidinelli at domain.net</cuaddr>
  </user>
</accounts>